[Box Backup-dev] Timeouts

Martin Ebourne boxbackup-dev@fluffy.co.uk
Thu, 07 Dec 2006 11:42:35 +0000


Ben Summers <ben@fluffy.co.uk> wrote:
> Is it possible to just set really long timeouts on the underlying
> SSL / TCP/IP sockets?

Yes and no. Portability and compatibility is the problem here. On some
systems you can (often the default is already 2hrs or so), don't know
how to do it in a portable manner.

However, once you bring stateful firewalls into the equation you have
more potential problems. Some of these broken firewalls have
connection timeouts as low as 5 minutes, and we can't expect all box
users to have control over all firewalls on their route.

An alternative is TCP level keepalives. You can do these by setting
SO_KEEPALIVE which I think is POSIX. However, controlling how often
they occur is somewhat more difficult. E.g. on Linux you can use the
TCP_KEEPIDLE etc. socket options, but on some systems it's a kernel
parameter change.

I've no idea if openssl has anything protocol level we can use here,
otherwise the only really portable and controllable way is to do it
manually.

Cheers,

Martin.
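
Added example, not part of the original message and not Box Backup code: a C sketch of the keepalive approach discussed above, enabling SO_KEEPALIVE everywhere and applying per-socket timing only where the platform exposes it. The function names, the KA_* flags and the 240/30/4 values (chosen to probe before the 5 minute firewall timeout mentioned above) are assumptions.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <unistd.h>

/* Bits reporting which settings the platform accepted (hypothetical names). */
#define KA_ENABLED  0x1  /* SO_KEEPALIVE is on */
#define KA_IDLE     0x2  /* idle time before the first probe was set */
#define KA_INTERVAL 0x4  /* interval between probes was set */
#define KA_COUNT    0x8  /* number of unanswered probes was set */

/* Enable keepalives on fd. Returns a KA_* bitmask, or -1 if SO_KEEPALIVE
 * itself is refused. Where a timing option is missing, the kernel-wide
 * default stays in force and the caller can tell from the missing bit. */
int enable_keepalive(int fd, int idle_s, int intvl_s, int count)
{
    int on = 1, applied = 0;
    (void)idle_s; (void)intvl_s; (void)count;  /* unused without options */

    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) != 0)
        return -1;
    applied |= KA_ENABLED;
#if defined(TCP_KEEPIDLE)                      /* Linux and others */
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_s, sizeof idle_s) == 0)
        applied |= KA_IDLE;
#elif defined(__APPLE__) && defined(TCP_KEEPALIVE)  /* macOS idle option */
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPALIVE, &idle_s, sizeof idle_s) == 0)
        applied |= KA_IDLE;
#endif
#if defined(TCP_KEEPINTVL)
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl_s, sizeof intvl_s) == 0)
        applied |= KA_INTERVAL;
#endif
#if defined(TCP_KEEPCNT)
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &count, sizeof count) == 0)
        applied |= KA_COUNT;
#endif
    return applied;
}

/* Apply the settings to a fresh, unconnected TCP socket and report the result. */
int keepalive_probe_demo(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int applied = enable_keepalive(fd, 240, 30, 4);  /* first probe at 4 min */
    close(fd);
    return applied;
}
```

If KA_IDLE is missing from the result, the first probe is sent only after the system default idle time, which may be longer than a firewall's connection timeout.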